Red Hat Storage
Recent Red Hat Storage Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2023:0980 | (RHSA-2023:0980) Important: Red Hat Ceph Storage 5.3 Bug fix and security update | February 28, 2023 |
RHSA-2023:0076 | (RHSA-2023:0076) Moderate: Red Hat Ceph Storage 5.3 security update and Bug Fix | January 11, 2023 |
RHSA-2022:6024 | (RHSA-2022:6024) Moderate: New container image for Red Hat Ceph Storage 5.2 Security update | August 9, 2022 |
RHSA-2022:5997 | (RHSA-2022:5997) Moderate: Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update | August 9, 2022 |
RHSA-2022:1716 | (RHSA-2022:1716) Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update | May 5, 2022 |
RHSA-2022:1394 | (RHSA-2022:1394) Important: Red Hat Ceph Storage 3 Security and Bug Fix update | April 19, 2022 |
RHSA-2022:1174 | (RHSA-2022:1174) Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update | April 4, 2022 |
RHSA-2022:0308 | (RHSA-2022:0308) Moderate: OpenShift Container Storage 3.11.z security and bug fix update | January 27, 2022 |
RHSA-2021:4845 | (RHSA-2021:4845) Moderate: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update | November 29, 2021 |
RHSA-2021:3748 | (RHSA-2021:3748) Moderate: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update | October 7, 2021 |
By the Year
In 2023 there have been 0 vulnerabilities in Red Hat Storage . Last year Storage had 4 security vulnerabilities published. Right now, Storage is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 4 | 6.80 |
2021 | 0 | 0.00 |
2020 | 4 | 5.70 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Storage vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Storage Security Vulnerabilities
A flaw was found in Keystone
CVE-2022-2447
6.6 - Medium
- September 01, 2022
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
Operation on a Resource after Expiration or Release
MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2021-3670
6.5 - Medium
- August 23, 2022
MaxQueryDuration not honoured in Samba AD DC LDAP
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix
CVE-2022-26148
9.8 - Critical
- March 21, 2022
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
Cleartext Storage of Sensitive Information
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition
CVE-2021-44141
4.3 - Medium
- February 21, 2022
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
insecure temporary file
A flaw was found in the way samba handled file and directory permissions
CVE-2020-14318
4.3 - Medium
- December 03, 2020
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
Incorrect Privilege Assignment
A NULL pointer dereference
CVE-2020-10730
6.5 - Medium
- July 07, 2020
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
NULL Pointer Dereference
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules
CVE-2020-10685
5.5 - Medium
- May 11, 2020
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
Insufficient Cleanup
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained
CVE-2019-14907
6.5 - Medium
- January 21, 2020
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
Out-of-bounds Read
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
CVE-2014-0221
- June 05, 2014
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used
CVE-2014-3470
- June 05, 2014
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
NULL Pointer Dereference
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which
CVE-2014-0224
7.4 - High
- June 05, 2014
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Inadequate Encryption Strength
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets
CVE-2014-0160
7.5 - High
- April 07, 2014
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Out-of-bounds Read
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which
CVE-2012-0876
- July 03, 2012
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
Resource Exhaustion
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10
CVE-2012-1938
- June 05, 2012
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags
CVE-2012-0248
5.5 - Medium
- June 05, 2012
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
Infinite Loop
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3
CVE-2012-1798
6.5 - Medium
- June 05, 2012
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
Out-of-bounds Read
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3
CVE-2012-0260
6.5 - Medium
- June 05, 2012
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
Resource Exhaustion
ImageMagick 6.7.5-7 and earlier
CVE-2012-0247
8.8 - High
- June 05, 2012
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
Improper Input Validation
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which
CVE-2012-0053
- January 28, 2012
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might
CVE-2012-0031
- January 18, 2012
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Eus or by Red Hat? Click the Watch button to subscribe.
